
Nasty Password-Pilfering Hack Ruins Apple macOS High Sierra Launch

This article is more than 6 years old.

Apple released a new macOS operating system today, dubbed High Sierra. But already a serious weakness has been found lurking within, a security researcher has claimed, allowing a hacker to steal passwords from Apple Macs running the new OS.

Patrick Wardle, ex-NSA analyst and now head of research at security firm Synack, found the problem Monday, warning that it could allow anyone able to run malicious code on a Mac to pilfer passwords from the keychain. Apple uses the keychain to store user passwords, and it should only be accessible to the owner of the Mac. All those logins are typically unlocked with a master password. But Wardle, as shown in the video below, was able to carry out an attack that sent all the contents of the keychain to an attacker without needing that password.

With his "keychainStealer" app, the researcher's hack forced the keychain to disclose Facebook, Twitter and Bank of America passwords. Also note Wardle's cheeky request for a macOS bug bounty for charity during the launch process for the keychainStealer.

"Without root privileges, if the user is logged in, I can dump and exfiltrate the keychain, including plaintext passwords," Wardle told Forbes. "Normally you are not supposed to be able to do that programmatically."

At the time of publication, Apple hadn't responded to a request for comment.

If turned truly malicious, Wardle's keychain exploit would likely be the second stage of an attack, on top of an initial hack that would run rogue code on an Apple machine. He claimed it wasn't hard to get malicious code running on a Mac today. Indeed, he's repeatedly shown how to execute attacks on Apple's operating system in recent years, and earlier this month highlighted problems in macOS High Sierra's "Secure Kernel Extension Loading" (SKEL) feature, which was designed to require user approval before third-party code ran at the kernel level of the operating system. Wardle showcased an attack on an unpatched and previously unknown vulnerability (i.e. a "zero-day") that bypassed SKEL security.

"Most attacks we see today involve social engineering and seem to be successful targeting Mac users," he added. "I'm not going to say the [keychain] exploit is elegant - but it does the job, doesn't require root and is 100% successful."

He hasn't revealed the full exploit code, but expects Apple will patch the issue eventually.
